Welcome! Log In Create A New Profile

Advanced

WAF with HA Proxy.

Posted by DHAVAL JAISWAL 
DHAVAL JAISWAL
WAF with HA Proxy.
May 09, 2018 11:30AM
I am looking for WAF solution with HA Proxy.

One which I come to know is with HA Proxy version 1.8.8 + mode security.
However, I feel its still on early stage.

Any other recommendation for WAF with HA Proxy.


--
Thanks & Regards
Dhaval Jaiswal
Mark Lakes
Re: WAF with HA Proxy.
May 09, 2018 07:50PM
For commercial purposes, see Signal Sciences Next Gen WAF solution:
https://www.signalsciences.com/waf-web-application-firewall/



*Mark Lakes*
Sr Software Engineer
(555) 555-5555
https://www.signalsciences.com/?utm_source=emailsig
Winner: InfoWorld Technology of the Year 2018
<https://www.infoworld.com/article/3251828/application-development/infoworlds-2018-technology-of-the-year-award-winners.html#slide24>;
https://www.facebook.com/SignalSciences/
https://twitter.com/signalsciences
https://www.linkedin.com/company/signal-sciences/

On Wed, May 9, 2018 at 2:23 AM, DHAVAL JAISWAL <[email protected]> wrote:

> I am looking for WAF solution with HA Proxy.
>
> One which I come to know is with HA Proxy version 1.8.8 + mode security.
> However, I feel its still on early stage.
>
> Any other recommendation for WAF with HA Proxy.
>
>
> --
> Thanks & Regards
> Dhaval Jaiswal
>
DHAVAL JAISWAL
Re: WAF with HA Proxy.
May 09, 2018 08:30PM
Looking for open source.

On Wed, May 9, 2018 at 11:10 PM, Mark Lakes <[email protected]>
wrote:

> For commercial purposes, see Signal Sciences Next Gen WAF solution:
> https://www.signalsciences.com/waf-web-application-firewall/
>
>
>
> *Mark Lakes*
> Sr Software Engineer
> (555) 555-5555
> https://www.signalsciences.com/?utm_source=emailsig
> Winner: InfoWorld Technology of the Year 2018
> <https://www.infoworld.com/article/3251828/application-development/infoworlds-2018-technology-of-the-year-award-winners.html#slide24>;
> https://www.facebook.com/SignalSciences/
> https://twitter.com/signalsciences
> https://www.linkedin.com/company/signal-sciences/
>
> On Wed, May 9, 2018 at 2:23 AM, DHAVAL JAISWAL <[email protected]> wrote:
>
>> I am looking for WAF solution with HA Proxy.
>>
>> One which I come to know is with HA Proxy version 1.8.8 + mode security.
>> However, I feel its still on early stage.
>>
>> Any other recommendation for WAF with HA Proxy.
>>
>>
>> --
>> Thanks & Regards
>> Dhaval Jaiswal
>>
>
>


--
Thanks & Regards
Dhaval Jaiswal
Jonathan Matthews
Re: WAF with HA Proxy.
May 09, 2018 08:50PM
On Wed, 9 May 2018 at 18:43, Mark Lakes <[email protected]> wrote:

> For commercial purposes, see Signal Sciences Next Gen WAF solution:
> https://www.signalsciences.com/waf-web-application-firewall/
>

That page says it supports "Nginx, Nginx Plus, Apache and IIS". Does it
integrate with HAProxy? Via what mechanism?

J

> https://www.signalsciences.com/waf-web-application-firewall/
>
https://www.signalsciences.com/waf-web-application-firewall/
>
--
Jonathan Matthews
London, UK
http://www.jpluscplusm.com/contact.html
Malcolm Turnbull
Re: WAF with HA Proxy.
May 09, 2018 08:50PM
Dhaval,

As far as I'm concerned almost everyone on the planet uses mod_security...
But most use it with apache & some use it with Nginx...
So you can either put it on all of your web servers...
Or Put it in-front of HAProxy...
Or make an HAProxy[1] sandwich (which is what we do at Loadbalancer.org[2])

[1] https://www.haproxy.com/blog/scalable-waf-protection-with-haproxy-and-apache-with-modsecurity/
[2] https://www.loadbalancer.org/blog/blocking-invalid-range-headers-using-modsecurity-and-haproxy-ms15-034-cve-2015-1635/


Malcolm Turnbull

Loadbalancer.org Ltd.

www.loadbalancer.org

+44 (0)330 380 1064
malcolm@loadbalancer.org




On 9 May 2018 at 19:21, DHAVAL JAISWAL <[email protected]> wrote:
> Looking for open source.
>
> On Wed, May 9, 2018 at 11:10 PM, Mark Lakes <[email protected]>
> wrote:
>>
>> For commercial purposes, see Signal Sciences Next Gen WAF solution:
>> https://www.signalsciences.com/waf-web-application-firewall/
>>
>>
>>
>> Mark Lakes
>> Sr Software Engineer
>> (555) 555-5555
>> Winner: InfoWorld Technology of the Year 2018
>>
>>
>> On Wed, May 9, 2018 at 2:23 AM, DHAVAL JAISWAL <[email protected]> wrote:
>>>
>>> I am looking for WAF solution with HA Proxy.
>>>
>>> One which I come to know is with HA Proxy version 1.8.8 + mode security.
>>> However, I feel its still on early stage.
>>>
>>> Any other recommendation for WAF with HA Proxy.
>>>
>>>
>>> --
>>> Thanks & Regards
>>> Dhaval Jaiswal
>>
>>
>
>
>
> --
> Thanks & Regards
> Dhaval Jaiswal
Mark Lakes
Re: WAF with HA Proxy.
May 09, 2018 09:40PM
RIght, via lua module it integrates with haproxy.
-mark




*Mark Lakes*
Sr Software Engineer
(555) 555-5555
https://www.signalsciences.com/?utm_source=emailsig
Winner: InfoWorld Technology of the Year 2018
<https://www.infoworld.com/article/3251828/application-development/infoworlds-2018-technology-of-the-year-award-winners.html#slide24>;
https://www.facebook.com/SignalSciences/
https://twitter.com/signalsciences
https://www.linkedin.com/company/signal-sciences/

On Wed, May 9, 2018 at 11:43 AM, Jonathan Matthews <[email protected]>
wrote:

> On Wed, 9 May 2018 at 18:43, Mark Lakes <[email protected]> wrote:
>
>> For commercial purposes, see Signal Sciences Next Gen WAF solution:
>> https://www.signalsciences.com/waf-web-application-firewall/
>>
>
> That page says it supports "Nginx, Nginx Plus, Apache and IIS". Does it
> integrate with HAProxy? Via what mechanism?
>
> J
>
>> https://www.signalsciences.com/waf-web-application-firewall/
>>
> https://www.signalsciences.com/waf-web-application-firewall/
>>
> --
> Jonathan Matthews
> London, UK
> http://www.jpluscplusm.com/contact.html
>
Andrew Smalley
Re: WAF with HA Proxy.
May 09, 2018 09:50PM
Hi Mark

Actually as far as I understand the Haproxy implementation of
mod_security integration is not with Lua but with SPOA

https://www.haproxy.org/download/1.7/doc/SPOE.txt
Andruw Smalley

Loadbalancer.org Ltd.

www.loadbalancer.org
+1 888 867 9504 / +44 (0)330 380 1064
asmalley@loadbalancer.org

Leave a Review | Deployment Guides | Blog


On 9 May 2018 at 20:36, Mark Lakes <[email protected]> wrote:
> RIght, via lua module it integrates with haproxy.
> -mark
>
>
>
>
> Mark Lakes
> Sr Software Engineer
> (555) 555-5555
> Winner: InfoWorld Technology of the Year 2018
>
>
> On Wed, May 9, 2018 at 11:43 AM, Jonathan Matthews <[email protected]>
> wrote:
>>
>> On Wed, 9 May 2018 at 18:43, Mark Lakes <[email protected]> wrote:
>>>
>>> For commercial purposes, see Signal Sciences Next Gen WAF solution:
>>> https://www.signalsciences.com/waf-web-application-firewall/
>>
>>
>> That page says it supports "Nginx, Nginx Plus, Apache and IIS". Does it
>> integrate with HAProxy? Via what mechanism?
>>
>> J
>>
>> --
>> Jonathan Matthews
>> London, UK
>> http://www.jpluscplusm.com/contact.html
>
>
Thierry Fournier
Re: WAF with HA Proxy.
May 09, 2018 10:10PM
Hi,

I confirm: the modsecurity i done throught SPOE.

The limitation are:

The limit of the body size analysed is the size of HAProxy buffer (default 16kB, but for my own usage, I configure 1MB)

The response is not analysed.

BR,
Thierry

> On 9 May 2018, at 21:40, Andrew Smalley <[email protected]> wrote:
>
> Hi Mark
>
> Actually as far as I understand the Haproxy implementation of
> mod_security integration is not with Lua but with SPOA
>
> https://www.haproxy.org/download/1.7/doc/SPOE.txt
> Andruw Smalley
>
> Loadbalancer.org Ltd.
>
> www.loadbalancer.org
> +1 888 867 9504 / +44 (0)330 380 1064
> asmalley@loadbalancer.org
>
> Leave a Review | Deployment Guides | Blog
>
>
> On 9 May 2018 at 20:36, Mark Lakes <[email protected]> wrote:
>> RIght, via lua module it integrates with haproxy.
>> -mark
>>
>>
>>
>>
>> Mark Lakes
>> Sr Software Engineer
>> (555) 555-5555
>> Winner: InfoWorld Technology of the Year 2018
>>
>>
>> On Wed, May 9, 2018 at 11:43 AM, Jonathan Matthews <[email protected]>
>> wrote:
>>>
>>> On Wed, 9 May 2018 at 18:43, Mark Lakes <[email protected]> wrote:
>>>>
>>>> For commercial purposes, see Signal Sciences Next Gen WAF solution:
>>>> https://www.signalsciences.com/waf-web-application-firewall/
>>>
>>>
>>> That page says it supports "Nginx, Nginx Plus, Apache and IIS". Does it
>>> integrate with HAProxy? Via what mechanism?
>>>
>>> J
>>>
>>> --
>>> Jonathan Matthews
>>> London, UK
>>> http://www.jpluscplusm.com/contact.html
>>
>>
>
Andrew Smalley
Re: WAF with HA Proxy.
May 09, 2018 10:20PM
Hello Thierry

Thank you for your response saying it is the SPOE engine that does
mod_security integration and not the almost correct SPOA that I said.

Can I ask how haproxy does the SSO with the SPOE/SPOA Engine?


Andruw Smalley

Loadbalancer.org Ltd.

www.loadbalancer.org
+1 888 867 9504 / +44 (0)330 380 1064
asmalley@loadbalancer.org

Leave a Review | Deployment Guides | Blog


On 9 May 2018 at 21:04, Thierry Fournier <[email protected]> wrote:
> Hi,
>
> I confirm: the modsecurity i done throught SPOE.
>
> The limitation are:
>
> The limit of the body size analysed is the size of HAProxy buffer (default
> 16kB, but for my own usage, I configure 1MB)
>
>
> The response is not analysed.
>
>
> BR,
> Thierry
>
>
> On 9 May 2018, at 21:40, Andrew Smalley <[email protected]> wrote:
>
> Hi Mark
>
> Actually as far as I understand the Haproxy implementation of
> mod_security integration is not with Lua but with SPOA
>
> https://www.haproxy.org/download/1.7/doc/SPOE.txt
> Andruw Smalley
>
> Loadbalancer.org Ltd.
>
> www.loadbalancer.org
> +1 888 867 9504 / +44 (0)330 380 1064
> asmalley@loadbalancer.org
>
> Leave a Review | Deployment Guides | Blog
>
>
> On 9 May 2018 at 20:36, Mark Lakes <[email protected]> wrote:
>
> RIght, via lua module it integrates with haproxy.
> -mark
>
>
>
>
> Mark Lakes
> Sr Software Engineer
> (555) 555-5555
> Winner: InfoWorld Technology of the Year 2018
>
>
> On Wed, May 9, 2018 at 11:43 AM, Jonathan Matthews <[email protected]>
> wrote:
>
>
> On Wed, 9 May 2018 at 18:43, Mark Lakes <[email protected]> wrote:
>
>
> For commercial purposes, see Signal Sciences Next Gen WAF solution:
> https://www.signalsciences.com/waf-web-application-firewall/
>
>
>
> That page says it supports "Nginx, Nginx Plus, Apache and IIS". Does it
> integrate with HAProxy? Via what mechanism?
>
> J
>
> --
> Jonathan Matthews
> London, UK
> http://www.jpluscplusm.com/contact.html
>
>
>
>
>
Mark Lakes
Re: WAF with HA Proxy.
May 09, 2018 10:20PM
Sure, note that it doesnt integrate with mod_security. It integrates with
haproxy via a lua script and haproxy config that uses it.



*Mark Lakes*
Sr Software Engineer
(555) 555-5555
https://www.signalsciences.com/?utm_source=emailsig
Winner: InfoWorld Technology of the Year 2018
<https://www.infoworld.com/article/3251828/application-development/infoworlds-2018-technology-of-the-year-award-winners.html#slide24>;
https://www.facebook.com/SignalSciences/
https://twitter.com/signalsciences
https://www.linkedin.com/company/signal-sciences/

On Wed, May 9, 2018 at 12:40 PM, Andrew Smalley <[email protected]>
wrote:

> Hi Mark
>
> Actually as far as I understand the Haproxy implementation of
> mod_security integration is not with Lua but with SPOA
>
> https://www.haproxy.org/download/1.7/doc/SPOE.txt
> Andruw Smalley
>
> Loadbalancer.org Ltd.
>
> www.loadbalancer.org
> +1 888 867 9504 / +44 (0)330 380 1064
> asmalley@loadbalancer.org
>
> Leave a Review | Deployment Guides | Blog
>
>
> On 9 May 2018 at 20:36, Mark Lakes <[email protected]> wrote:
> > RIght, via lua module it integrates with haproxy.
> > -mark
> >
> >
> >
> >
> > Mark Lakes
> > Sr Software Engineer
> > (555) 555-5555
> > Winner: InfoWorld Technology of the Year 2018
> >
> >
> > On Wed, May 9, 2018 at 11:43 AM, Jonathan Matthews <
> [email protected]>
> > wrote:
> >>
> >> On Wed, 9 May 2018 at 18:43, Mark Lakes <[email protected]>
> wrote:
> >>>
> >>> For commercial purposes, see Signal Sciences Next Gen WAF solution:
> >>> https://www.signalsciences.com/waf-web-application-firewall/
> >>
> >>
> >> That page says it supports "Nginx, Nginx Plus, Apache and IIS". Does it
> >> integrate with HAProxy? Via what mechanism?
> >>
> >> J
> >>
> >> --
> >> Jonathan Matthews
> >> London, UK
> >> http://www.jpluscplusm.com/contact.html
> >
> >
>
>
DHAVAL JAISWAL
Re: WAF with HA Proxy.
May 09, 2018 10:50PM
I would prefer to keep this in front of HAProxy. So that any request comes
first it will pass through he WAF standard rules and then it will come
inside.

Could you please help me with some more documentation, configuration about
this. How would I achieve it.



On Thu, May 10, 2018 at 12:14 AM, Malcolm Turnbull <[email protected]
> wrote:

> Dhaval,
>
> As far as I'm concerned almost everyone on the planet uses mod_security...
> But most use it with apache & some use it with Nginx...
> So you can either put it on all of your web servers...
> Or Put it in-front of HAProxy...
> Or make an HAProxy[1] sandwich (which is what we do at Loadbalancer.org[2])
>
> [1] https://www.haproxy.com/blog/scalable-waf-protection-with-
> haproxy-and-apache-with-modsecurity/
> [2] https://www.loadbalancer.org/blog/blocking-invalid-range-
> headers-using-modsecurity-and-haproxy-ms15-034-cve-2015-1635/
>
>
> Malcolm Turnbull
>
> Loadbalancer.org Ltd.
>
> www.loadbalancer.org
>
> +44 (0)330 380 1064
> malcolm@loadbalancer.org
>
>
>
>
> On 9 May 2018 at 19:21, DHAVAL JAISWAL <[email protected]> wrote:
> > Looking for open source.
> >
> > On Wed, May 9, 2018 at 11:10 PM, Mark Lakes <[email protected]>
> > wrote:
> >>
> >> For commercial purposes, see Signal Sciences Next Gen WAF solution:
> >> https://www.signalsciences.com/waf-web-application-firewall/
> >>
> >>
> >>
> >> Mark Lakes
> >> Sr Software Engineer
> >> (555) 555-5555
> >> Winner: InfoWorld Technology of the Year 2018
> >>
> >>
> >> On Wed, May 9, 2018 at 2:23 AM, DHAVAL JAISWAL <[email protected]>
> wrote:
> >>>
> >>> I am looking for WAF solution with HA Proxy.
> >>>
> >>> One which I come to know is with HA Proxy version 1.8.8 + mode
> security.
> >>> However, I feel its still on early stage.
> >>>
> >>> Any other recommendation for WAF with HA Proxy.
> >>>
> >>>
> >>> --
> >>> Thanks & Regards
> >>> Dhaval Jaiswal
> >>
> >>
> >
> >
> >
> > --
> > Thanks & Regards
> > Dhaval Jaiswal
>



--
Thanks & Regards
Dhaval Jaiswal
Anonymous User
Re: WAF with HA Proxy.
May 09, 2018 10:50PM
On Wed, 9 May 2018 21:10:48 +0100
Andrew Smalley <[email protected]> wrote:

> Hello Thierry
>
> Thank you for your response saying it is the SPOE engine that does
> mod_security integration and not the almost correct SPOA that I said.


No, you're right: SPOA is the Agent and the ModSec implemention is an
SPOA. SPOE is the Engine.


> Can I ask how haproxy does the SSO with the SPOE/SPOA Engine?


The SPOE/SPOA is designed for this kind of usage, but I don't heard
about any SPOA soft which implements this kind of functionnality.

I propose four ways:

- Not easy, but reliable: copy/paste the C SPOA demo agent and modify
it to perform SSO authentication according with your needs.

- Easy, but with questionable reliability (because recent dev): I
submit a few days ago a generic SPOA daemon whoch executes Python
scripts. Unfortunately, I based my dev on a old HAProxy version
(1.6 or 1.7), and the agent is not compatible with all SPOP
(P=Protocol) feature, but i works with 1.8 and 1.9.
https://www.mail-archive.com/[email protected]/msg29093.html
Once python is executed, you can done authentication with any backend.

- Hard and not reliable (because new dev): Internal haproxy dev (based
on the same way than SPOE and Lua socket) which communicates with
SASL. SASL seems great for SSO authentication: it can process many
authentication method (HTTP Basic, HTTP Digest) and use many backend:
PAM, files, passwd, ldap, ...)

- Easy with some protocols and reliable. Use Lua and socket to
establish authentication protocol with another server. But some
limitations prevent the usage of some libraries. The libldap is
not usable. The usable libs are libs using luasocket, but which
can be modificated for using haproxy sockets (its the same API
than luasocket).

BR,
Thierry


>
>
> Andruw Smalley
>
> Loadbalancer.org Ltd.
>
> www.loadbalancer.org
> +1 888 867 9504 / +44 (0)330 380 1064
> asmalley@loadbalancer.org
>
> Leave a Review | Deployment Guides | Blog
>
>
> On 9 May 2018 at 21:04, Thierry Fournier <[email protected]> wrote:
> > Hi,
> >
> > I confirm: the modsecurity i done throught SPOE.
> >
> > The limitation are:
> >
> > The limit of the body size analysed is the size of HAProxy buffer (default
> > 16kB, but for my own usage, I configure 1MB)
> >
> >
> > The response is not analysed.
> >
> >
> > BR,
> > Thierry
> >
> >
> > On 9 May 2018, at 21:40, Andrew Smalley <[email protected]> wrote:
> >
> > Hi Mark
> >
> > Actually as far as I understand the Haproxy implementation of
> > mod_security integration is not with Lua but with SPOA
> >
> > https://www.haproxy.org/download/1.7/doc/SPOE.txt
> > Andruw Smalley
> >
> > Loadbalancer.org Ltd.
> >
> > www.loadbalancer.org
> > +1 888 867 9504 / +44 (0)330 380 1064
> > asmalley@loadbalancer.org
> >
> > Leave a Review | Deployment Guides | Blog
> >
> >
> > On 9 May 2018 at 20:36, Mark Lakes <[email protected]> wrote:
> >
> > RIght, via lua module it integrates with haproxy.
> > -mark
> >
> >
> >
> >
> > Mark Lakes
> > Sr Software Engineer
> > (555) 555-5555
> > Winner: InfoWorld Technology of the Year 2018
> >
> >
> > On Wed, May 9, 2018 at 11:43 AM, Jonathan Matthews <[email protected]>
> > wrote:
> >
> >
> > On Wed, 9 May 2018 at 18:43, Mark Lakes <[email protected]> wrote:
> >
> >
> > For commercial purposes, see Signal Sciences Next Gen WAF solution:
> > https://www.signalsciences.com/waf-web-application-firewall/
> >
> >
> >
> > That page says it supports "Nginx, Nginx Plus, Apache and IIS". Does it
> > integrate with HAProxy? Via what mechanism?
> >
> > J
> >
> > --
> > Jonathan Matthews
> > London, UK
> > http://www.jpluscplusm.com/contact.html
> >
> >
> >
> >
> >
>
Anonymous User
Re: WAF with HA Proxy.
May 09, 2018 11:00PM
On Thu, 10 May 2018 02:07:24 +0530
DHAVAL JAISWAL <[email protected]> wrote:

> I would prefer to keep this in front of HAProxy. So that any request comes
> first it will pass through he WAF standard rules and then it will come
> inside.


HAProxy is a very robust component. It block protocol attacks which doesn't
respect HTTP protocol and forward other attacks. In other way, it can block
basic attacks with simple ACL (attacks like http://../../../etc/passwd).

With HAProxy in front component, you can process loadbalancing on your WAFs.
This is useful because WAFs use more CPU than loadbalancers.

BR,
Thierry


> Could you please help me with some more documentation, configuration about
> this. How would I achieve it.
>
>
>
> On Thu, May 10, 2018 at 12:14 AM, Malcolm Turnbull <[email protected]
> > wrote:
>
> > Dhaval,
> >
> > As far as I'm concerned almost everyone on the planet uses mod_security...
> > But most use it with apache & some use it with Nginx...
> > So you can either put it on all of your web servers...
> > Or Put it in-front of HAProxy...
> > Or make an HAProxy[1] sandwich (which is what we do at Loadbalancer.org[2])
> >
> > [1] https://www.haproxy.com/blog/scalable-waf-protection-with-
> > haproxy-and-apache-with-modsecurity/
> > [2] https://www.loadbalancer.org/blog/blocking-invalid-range-
> > headers-using-modsecurity-and-haproxy-ms15-034-cve-2015-1635/
> >
> >
> > Malcolm Turnbull
> >
> > Loadbalancer.org Ltd.
> >
> > www.loadbalancer.org
> >
> > +44 (0)330 380 1064
> > malcolm@loadbalancer.org
> >
> >
> >
> >
> > On 9 May 2018 at 19:21, DHAVAL JAISWAL <[email protected]> wrote:
> > > Looking for open source.
> > >
> > > On Wed, May 9, 2018 at 11:10 PM, Mark Lakes <[email protected]>
> > > wrote:
> > >>
> > >> For commercial purposes, see Signal Sciences Next Gen WAF solution:
> > >> https://www.signalsciences.com/waf-web-application-firewall/
> > >>
> > >>
> > >>
> > >> Mark Lakes
> > >> Sr Software Engineer
> > >> (555) 555-5555
> > >> Winner: InfoWorld Technology of the Year 2018
> > >>
> > >>
> > >> On Wed, May 9, 2018 at 2:23 AM, DHAVAL JAISWAL <[email protected]>
> > wrote:
> > >>>
> > >>> I am looking for WAF solution with HA Proxy.
> > >>>
> > >>> One which I come to know is with HA Proxy version 1.8.8 + mode
> > security.
> > >>> However, I feel its still on early stage.
> > >>>
> > >>> Any other recommendation for WAF with HA Proxy.
> > >>>
> > >>>
> > >>> --
> > >>> Thanks & Regards
> > >>> Dhaval Jaiswal
> > >>
> > >>
> > >
> > >
> > >
> > > --
> > > Thanks & Regards
> > > Dhaval Jaiswal
> >
>
>
>
> --
> Thanks & Regards
> Dhaval Jaiswal
Willy Tarreau
Re: WAF with HA Proxy.
May 09, 2018 11:10PM
Mark,

On Wed, May 09, 2018 at 10:40:38AM -0700, Mark Lakes wrote:
> For commercial purposes, see Signal Sciences Next Gen WAF solution:
> https://www.signalsciences.com/waf-web-application-firewall/

Advertising for commercial products on an open source list is never welcome
especially when such a response looks like it's made only to try to place a
product and nor really to propose a technical solution (and it's not as if
you had ever responded to a question here prior to this one).

A large number of commercial product vendors are represented here, some of
whom invest a lot in R&D and support, some even competing in certain areas,
and all of them respect this basic rule, focusing only on sharing knowledge
and improvements to haproxy. A few times I've even rejected requests from
some of my coworkers who asked if it was OK to respond to someone with a
link to one of HapTech's commercial solutions and I'm pretty sure others
do the same in other companies.

Given the complaints we used to have in the past with the spams on the list,
I'm pretty sure that most of the list's participants would prefer that the
list remains free of any form of advertising so that we can continue to work
all together without being polluted nor starting to suspect that each proposal
or question would derive to another ad.

Also, I'm normally not the one who'd comment on each other's signature, but
this one occupies almost half of my 80x24 response e-mail window, full of
links and even trackers as if you were trying hard to make a bit of SEO,
and this is quite impolite to many users, so I think it would be reasonable
to significantly trim it down :

> *Mark Lakes*
> Sr Software Engineer
> (555) 555-5555
> https://www.signalsciences.com/?utm_source=emailsig
> Winner: InfoWorld Technology of the Year 2018
> <https://www.infoworld.com/article/3251828/application-development/infoworlds-2018-technology-of-the-year-award-winners.html#slide24>;
> https://www.facebook.com/SignalSciences/
> https://twitter.com/signalsciences
> https://www.linkedin.com/company/signal-sciences/

You will simply not find this from most of the regular participants on this
list and many would probably like to take the opportunity as well but refrain
from doing so to respect others. So at least being the only one to post like
this should give you a hint how to proceed in the future.

Thanks,
Willy
Mark Lakes
Re: WAF with HA Proxy.
May 09, 2018 11:40PM
Thank you for the feedback, although this is in fact a technical solution I
never intended to offend anyone. I have submitted fixes to haproxy in the
past but have not as you say responded to questions before this.

thanks again for the feedback
-mark





On Wed, May 9, 2018 at 2:03 PM, Willy Tarreau <[email protected]> wrote:

> Mark,
>
> On Wed, May 09, 2018 at 10:40:38AM -0700, Mark Lakes wrote:
> > For commercial purposes, see Signal Sciences Next Gen WAF solution:
> > https://www.signalsciences.com/waf-web-application-firewall/
>
> Advertising for commercial products on an open source list is never welcome
> especially when such a response looks like it's made only to try to place a
> product and nor really to propose a technical solution (and it's not as if
> you had ever responded to a question here prior to this one).
>
> A large number of commercial product vendors are represented here, some of
> whom invest a lot in R&D and support, some even competing in certain areas,
> and all of them respect this basic rule, focusing only on sharing knowledge
> and improvements to haproxy. A few times I've even rejected requests from
> some of my coworkers who asked if it was OK to respond to someone with a
> link to one of HapTech's commercial solutions and I'm pretty sure others
> do the same in other companies.
>
> Given the complaints we used to have in the past with the spams on the
> list,
> I'm pretty sure that most of the list's participants would prefer that the
> list remains free of any form of advertising so that we can continue to
> work
> all together without being polluted nor starting to suspect that each
> proposal
> or question would derive to another ad.
>
> Also, I'm normally not the one who'd comment on each other's signature, but
> this one occupies almost half of my 80x24 response e-mail window, full of
> links and even trackers as if you were trying hard to make a bit of SEO,
> and this is quite impolite to many users, so I think it would be reasonable
> to significantly trim it down :
>
> > *Mark Lakes*
> > Sr Software Engineer
> > (555) 555-5555
> > https://www.signalsciences.com/?utm_source=emailsig
> > Winner: InfoWorld Technology of the Year 2018
> > <https://www.infoworld.com/article/3251828/application-
> development/infoworlds-2018-technology-of-the-year-award-
> winners.html#slide24>
> > https://www.facebook.com/SignalSciences/
> > https://twitter.com/signalsciences
> > https://www.linkedin.com/company/signal-sciences/
>
> You will simply not find this from most of the regular participants on this
> list and many would probably like to take the opportunity as well but
> refrain
> from doing so to respect others. So at least being the only one to post
> like
> this should give you a hint how to proceed in the future.
>
> Thanks,
> Willy
>
Sorry, only registered users may post in this forum.

Click here to login